Newsgroups: php.internals
From: mp@webfactory.de ("Matthias Pigulla")
To: "Rasmus Lerdorf", "Peter Brodersen"
Subject: AW: [PHP-DEV] Re: PDM Meeting Notes
Date: Fri, 25 Nov 2005 10:51:17 +0100

> > Well, safe_mode could prevent someone from doing a
> > shell_exec("cat /home/otheruser/web/config.php"); open_basedir can't
> > do the same thing.
>
> We were in a continual losing race against that sort of thing though.
> In pretty much every single release there have been ways to do this
> that got around safe-mode.

Because of bugs in the safe_mode implementation (forgetting some checks?) or conceptual problems?

> I have always maintained that shared hosts should be running
> per-security context Apache instances as different users.

The problem with that is that it makes name-based virtual hosts pretty pointless because each Apache instance will at least need an IP address on its own.

-mp.